October 2004 Blog Posts
Just gotta rant for a second. (I know it's hard to believe.) There are only a few approved SOX auditing companies out there currently. The law is so broad in scope, yet undefined, that auditing companies really have no idea what they are auditing for. We have internal auditors talking to D&T and one of the biggest problems we face is the vagueness of responses received back. None of the auditors really agree with each other on what needs to be done. Passing and/or failing an audit will not be determined by the security of the company's data. It will be determined...
Physical Database Security
· Move a SQL Server out of DMZ (this one was ticking me off). --Completed.
· Create new VLANs for SQL Server and migrate servers. --Completed.
    o Created four VLANs to provide separation of database servers on network.
    o Separates production, development, third-party, and back office.
    o Allows separate rules governing activity and access security at a group level.
· Implement SQL Server Firewall --Not Started
    o Will review security and firewall policy at later date.
    o If current security is not sufficient for business owners, will create database firewall.
· Server Consolidation --In Progress.
    o Had over 30 servers, which is not manageable. An environment that...
I know this is a little late, but I wanted to finish it up for my own purposes. The final day of PASS was incredible. Anytime you get a chance to listen in on Kimberly Tripp you should take that chance and remember it. This is how a PASS presentation should be.
Very Large Databases with SQL Server 2005 (by Lubor Kollar) -- **GOOD**
The presentation by Lubor was a high-level presentation that led really well into a lot of the presentations at PASS. He did a good job of explaining how the engine works to determine locks. He also explained the threading/fiber...